<?php
	/* wphpot, based on phpot with a wordpress login page      	*/
	/* phpot, minimalist web honeypot written in PHP and MySQL 	*/
	/* Licensed under GNU/GPLv3                  				*/
	/* a0rtega - alberto[at]pentbox[dot]net      				*/
	/*                securitybydefault.com      				*/
	/*											 				*/
	/* Pedro C. - madesyp [at] madesyp [dot] com 				*/
	/*                               madesyp.com 				*/
	/*                           navajanegra.com 				*/
	/*
		mysql> describe maldades;
		+---------+--------------+------+-----+---------+-------+
		| Field   | Type         | Null | Key | Default | Extra |
		+---------+--------------+------+-----+---------+-------+
		| id      | varchar(50)  | NO   | PRI | NULL    |       |
		| ip      | varchar(50)  | YES  |     | NULL    |       |
		| country | varchar(5)   | YES  |     | NULL    |       |
		| uagent  | varchar(200) | YES  |     | NULL    |       |
		| user    | varchar(200) | YES  |     | NULL    |       |
		| pass    | varchar(200) | YES  |     | NULL    |       |
		| date    | varchar(35)  | YES  |     | NULL    |       |
		| type    | varchar(5)   | YES  |     | NULL    |       |
		+---------+--------------+------+-----+---------+-------+
		8 rows in set (0.00 sec)

		mysql>
	*/
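	/*
	 * Open the logging connection and select the `honeypot` database.
	 *
	 * Returns the mysql link resource, or false when the server cannot be
	 * reached or the database cannot be selected; the failure is written to
	 * the PHP error log rather than surfacing as a warning in the page, so a
	 * broken backend does not reveal that this is not a real login form.
	 *
	 * The credentials below are hard-coded and readable by anyone who can
	 * read this file, so the account should be limited to INSERT on
	 * `maldades` and only reachable from 127.0.0.1.
	 *
	 * NOTE: the mysql_* extension was removed in PHP 7.0; this code only
	 * runs on PHP 5.
	 */
	function conn_db() {
		$db_conn = mysql_connect("127.0.0.1", "s4ur0n", "pwds3gur0");
		if ($db_conn === false) {
			error_log("wphpot: mysql_connect failed: " . mysql_error());
			return false;
		}
		if (!mysql_select_db("honeypot", $db_conn)) {
			error_log("wphpot: cannot select database honeypot: " . mysql_error($db_conn));
			mysql_close($db_conn);
			return false;
		}
		return $db_conn;
	}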
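	/*
	 * Look up the country code for $ip through the hostip.info API.
	 *
	 * Returns the response body as a string, or '' when the request fails or
	 * times out (the previous version returned false here, which
	 * mysql_real_escape_string coerces to '' as well, so callers see the same
	 * value). The lookup is plain HTTP, so every visitor address is sent to a
	 * third party in clear text; the answer is treated as opaque text and is
	 * escaped by the caller before it reaches the database.
	 */
	function ip_2_country($ip) {
		/* cap the wait: without this a slow or unreachable API blocks the
		   response for default_socket_timeout (60 s) on every page view */
		$ctx = stream_context_create(array('http' => array('timeout' => 5)));
		$country = file_get_contents(
			"http://api.hostip.info/country.php?ip=" . urlencode($ip),
			false,
			$ctx
		);
		return $country === false ? '' : $country;
	}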
?>
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
	<title>My CMS &rsaquo; Log In</title>
<link rel='stylesheet' id='wp-admin-css'  href='http://es.wordpress.com/wp-admin/css/wp-admin.css' type='text/css' media='all' />
<link rel='stylesheet' id='colors-fresh-css'  href='http://es.wordpress.com/wp-admin/css/colors-fresh.css' type='text/css' media='all' />
<meta name='robots' content='noindex,nofollow' />
</head>
<body class="login" onfocus="document.getElementById('login_error').style.visibility='hidden';">
<div id="login"><h1><a href="http://wordpress.org/" title="Powered by WordPress">My CMS</a></h1>

<div id="wphot"></div>

<form name="loginform" id="loginform" action="/wp-login.php" method="post">
	<p>
		<label for="user_login">Username<br />
		<input type="text" name="log" id="user_login" class="input" value="" size="20" tabindex="10" /></label>
	</p>
	<p>
		<label for="user_pass">Password<br />
		<input type="password" name="pwd" id="user_pass" class="input" value="" size="20" tabindex="20" /></label>
	</p>
	<p class="forgetmenot"><label for="rememberme"><input name="rememberme" type="checkbox" id="rememberme" value="forever" tabindex="90" /> Remember Me</label></p>
	<p class="submit">
		<input type="submit" name="wp-submit" id="wp-submit" class="button-primary" value="Log In" tabindex="100" />
		<input type="hidden" name="redirect_to" value="http://navajanegra.com/wordpress/wp-admin/" />
		<input type="hidden" name="testcookie" value="1" />
	</p>
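<?php
	/*
	 * Store one row in `maldades` (schema in the header comment).
	 *
	 * $user and $pass are the submitted credentials, or the literal string
	 * 'null' for a plain page view; $type is the row tag ('TROLL' or
	 * 'VISIT'). Returns true when the INSERT succeeded, false otherwise. A
	 * failed insert is written to the error log instead of being dropped
	 * silently, as the earlier inline queries did.
	 */
	function wphpot_log_event($user, $pass, $type) {
		$ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
		$uagent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
		$country = ip_2_country($ip);
		$db_conn = conn_db();
		if ($db_conn === false) {
			return false;
		}
		/* `id` is the PRIMARY KEY and is only time() with one-second
		   resolution: two requests in the same second collide and the
		   second INSERT is rejected, which is why the result is checked. */
		$sql = "insert into maldades values ('" . time() . "', '"
			. mysql_real_escape_string($ip, $db_conn) . "', '"
			. mysql_real_escape_string($country, $db_conn) . "', '"
			. mysql_real_escape_string($uagent, $db_conn) . "', '"
			. mysql_real_escape_string($user, $db_conn) . "', '"
			. mysql_real_escape_string($pass, $db_conn) . "', '"
			. date("r") . "', '" . $type . "');";
		$ok = mysql_query($sql, $db_conn);
		if ($ok === false) {
			error_log("wphpot: insert failed: " . mysql_error($db_conn));
		}
		mysql_close($db_conn);
		return $ok !== false;
	}

	if (isset($_POST["log"]) && isset($_POST["pwd"])) {
		/* a field posted as an array (log[]=x) would otherwise raise
		   warnings in strpos/escape; record it as an empty string */
		$user = is_scalar($_POST["log"]) ? (string) $_POST["log"] : '';
		$pass = is_scalar($_POST["pwd"]) ? (string) $_POST["pwd"] : '';
		/* 1-3 s delay so the form feels like a real login; mt_rand is
		   seeded automatically, the old srand(time()) was redundant */
		sleep(mt_rand(1, 3)); /* trolling art */
		if (strpos($user, "'") !== false || strpos($pass, "'") !== false) {
?>
			<script>document.getElementById('wphot').innerHTML = '<div id="login_error"><strong>Warning</strong>: mysql_num_rows() <strong>ERROR</strong>: Usuario o email no v&aacute;lido. Si no lo recuerdas, deja un email a contacto [at] navajanegra [dot] com para recuperar tu contrase&ntilde;a<br /></div>';</script>
<?php
		}
		else {
?>
			<script>document.getElementById('wphot').innerHTML = '<div id="login_error"><strong>ERROR</strong>: Usuario o email no v&aacute;lido. Si no lo recuerdas, deja un email a contacto [at] navajanegra [dot] com para recuperar tu contrase&ntilde;a<br /></div>';</script>
<?php
		}
		wphpot_log_event($user, $pass, 'TROLL');
	}
	else {
		sleep(1);
		/* plain page view: user/pass are stored as the literal text 'null' */
		wphpot_log_event('null', 'null', 'VISIT');
	}
?>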
</form>

<p id="nav">
<a href="http://es.wordpress.com/wp-login.php?action=lostpassword" title="Password Lost and Found">Lost your password?</a>
</p>

<script type="text/javascript">
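// Move keyboard focus to the username field shortly after load and select
// its contents. The work is deferred 200 ms and wrapped in try/catch so a
// missing element never surfaces as a script error on the page.
function wp_attempt_focus() {
    setTimeout(function () {
        try {
            // `var` keeps the element handle local; the old code leaked it
            // as an implicit global named `d`
            var field = document.getElementById('user_login');
            field.focus();
            field.select();
        } catch (e) {}
    }, 200);
}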

// Focus the login field, then run the page's optional wpOnload hook if one
// has been defined by other scripts.
wp_attempt_focus();
if (typeof wpOnload === 'function') {
    wpOnload();
}
</script>

	<p id="backtoblog"><a href="http://es.wordpress.com/" title="Are you lost?">&larr; Back to My CMS</a></p>
	</div>


<div class="clear"></div>
</body>
</html>
